﻿using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

namespace MyCompany.MyProject.Extensions.Auth;

/// <summary>
/// 必要参数类，类似一个订单信息
/// 继承 IAuthorizationRequirement 用于设计自定义权限处理器 PermissionHandler
/// 因为 AuthorizationHandler 中的泛型参数 TRequirement 必须继承 IAuthorizationRequirement
/// </summary>
public class PermissionRequirement : IAuthorizationRequirement
{
    /// <summary>
    /// 用户权限集合，一个用户可能会有多个权限（这里是Role和URL的对应关系）
    /// </summary>
    public List<PermissionItem> Permissions { get; set; }
    /// <summary>
    /// 无权限 action
    /// </summary>
    public string DeniedAction { get; set; }
    /// <summary>
    /// 认证授权类型
    /// </summary>
    public string ClaimType { get; set; }
    /// <summary>
    /// 请求路径
    /// </summary>
    public string LoginPath { get; set; } = "/Api/Login";
    /// <summary>
    /// 发行人
    /// </summary>
    public string Issuer { get; set; }
    /// <summary>
    /// 订阅人
    /// </summary>
    public string Audience { get; set; }

    /// <summary>
    /// Token 过期时间
    /// </summary>
    public TimeSpan Expiration { get; set; }
    /// <summary>
    /// 刷新 Token 过期时间
    /// </summary>
    public TimeSpan RefreshExpiration { get; set; }
    /// <summary>
    /// 签名凭据
    /// </summary>
    public SigningCredentials  SigningCredentials { get; set; }

    /// <summary>
    /// 构造函数
    /// </summary>
    /// <param name="deninedAction">拒绝请求的 url</param>
    /// <param name="permissions">权限集合</param>
    /// <param name="claimType">声明类型</param>
    /// <param name="issuer">发行人</param>
    /// <param name="audience">订阅人</param>
    /// <param name="signingCredentials">签名验证</param>
    /// <param name="expiration">过期时间</param>
    public PermissionRequirement(string deniedAction,List<PermissionItem> permissions,string claimType,string issuer,string audience,SigningCredentials signingCredentials,TimeSpan expiration,TimeSpan refreshTime)
    {
        ClaimType = claimType;
        Issuer = issuer;
        Audience = audience;
        Expiration = expiration;
        DeniedAction = deniedAction;
        Permissions = permissions;
        SigningCredentials = signingCredentials;
        RefreshExpiration = refreshTime;
    }
}
